8014 matches found

Positive Technologies
added 2026/03/03 12:0 a.m., 10 views

PT-2026-26405

Summary: OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.22 so after npm release, the remaining action is to publis...

CVSS 6.8, AI score 5.8, EPSS 0.00327
Exploits 0, References 8
Positive Technologies
added 2026/03/03 12:0 a.m., 5 views

PT-2026-22761

Name of the Vulnerable Software and Affected Versions: Nokia IMPACT versions through 19.11.2.10-20210118042150283. Description: A Cross-Site Request Forgery (CSRF) issue exists in Nokia IMPACT. This allows a remote attacker to import and overwrite the entire application configuration. The issue is due...

CVSS 8.1, AI score 5.8, EPSS 0.00187
Exploits 0, References 9
Positive Technologies
added 2026/03/03 12:0 a.m., 4 views

PT-2026-22733

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...

CVSS 5.1, AI score 5.9, EPSS 0.00196
Exploits 0, References 2
Positive Technologies
added 2026/03/03 12:0 a.m., 3 views

PT-2026-26415

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.21. Description: OpenClaw versions before 2026.2.21 have an authentication bypass issue in the Control UI. This occurs when allowInsecureAuth is enabled and the gateway is exposed over plaintext HTTP, allowing...

CVSS 8.1, AI score 5.8, EPSS 0.00381
Exploits 0, References 10
OSV
added 2026/03/02 10:19 p.m., 4 views

GHSA-5GHC-98WH-GWWF OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read

Summary: The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads. Affected Packages / Versions - Package: openclaw npm - Latest published...

CVSS 3.3, AI score 5.9, EPSS 0.00131
Exploits 0, References 3
Cvelist
added 2026/03/02 6:42 p.m., 29 views

CVE-2026-0013

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00091
Exploits 0, References 1
RedhatCVE
added 2026/03/01 1:43 a.m., 4 views

CVE-2026-28272

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...

CVSS 8.1, AI score 5.9, EPSS 0.00331
Exploits 0, References 1
NVD
added 2026/02/27 9:16 p.m., 4 views

CVE-2026-28272

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...

CVSS 8.1, EPSS 0.00331
Exploits 0, References 1
NVD
added 2026/02/27 9:16 a.m., 6 views

CVE-2026-2362

The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using...

CVSS 6.4, EPSS 0.00205
Exploits 0, References 6
RedhatCVE
added 2026/02/26 10:35 p.m., 5 views

CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

CVSS 5.3, AI score 5.4, EPSS 0.00327
Exploits 1, References 1
RedhatCVE
added 2026/02/26 10:35 p.m., 3 views

CVE-2026-25736

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where...

CVSS 6.1, AI score 5.9, EPSS 0.00287
Exploits 1, References 1
RedhatCVE
added 2026/02/26 10:35 p.m., 3 views

CVE-2026-25735

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where...

CVSS 6.1, AI score 5.9, EPSS 0.00287
Exploits 1, References 1
RedhatCVE
added 2026/02/26 10:35 p.m., 5 views

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom Rules function of the WebUI where...

CVSS 7.3, AI score 5.9, EPSS 0.0026
Exploits 1, References 1
GithubExploit
added 2026/02/26 6:49 p.m., 131 views

ebpf_kernel_exploit_scanner

eBPF Kernel Exploit Scanner This repository contains a simplif...

AI score 5.8
Exploits 0
NVD
added 2026/02/25 8:23 p.m., 6 views

CVE-2026-25136

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

CVSS 8.1, EPSS 0.00263
Exploits 1, References 5
NVD
added 2026/02/25 8:23 p.m., 8 views

CVE-2026-25734

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the RSE metadata of the WebUI where...

CVSS 6.1, EPSS 0.00287
Exploits 1, References 5
CVE
added 2026/02/25 7:50 p.m., 8 views

CVE-2026-25736

Affected software: Rucio WebUI. Vulnerability: Stored Cross-Site Scripting (XSS) in the Custom RSE Attribute where attacker-controlled input is persisted and later rendered without proper output encoding. This enables arbitrary JavaScript execution within the WebUI context for viewers of affect...

CVSS 6.1, AI score 5.9, EPSS 0.00287
Exploits 1, References 5, Affected Software 1
ATTACKERKB
added 2026/02/25 7:50 p.m., 2 views

CVE-2026-25736

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where...

CVSS 6.1, AI score 5.9, EPSS 0.00287
Exploits 1, References 6, Affected Software 1
OSV
added 2026/02/25 7:50 p.m., 3 views

CVE-2026-25736 Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute of the WebUI where...

CVSS 6.1, AI score 6, EPSS 0.00287
Exploits 1, References 7
Cvelist
added 2026/02/25 7:43 p.m., 18 views

CVE-2026-25735 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability in its Identity Name

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the WebUI where...

CVSS 6.1, EPSS 0.00287
Exploits 1, References 5